Impact
Vulnerability stemming from inadequate protection of user information in the Assassin game API and local database, allowing unauthenticated remote attackers to retrieve email and phone number fields and expose sensitive data regarding minors and municipal users. The weakness represents an unauthorized disclosure of private data, aligning with CWE-200.
Affected Systems
Gaudire’s Assassin game is the affected product. No specific version numbers are supplied, but the vulnerability exists in both the application’s API layer and its underlying local database.
Risk and Exploitability
The CVSS score of 9.2 signals a high severity of confidentiality compromise, while EPSS data is unavailable and the vulnerability is not present in CISA’s KEV catalog. Because the API is reachable over the network and no authentication is required, an attacker can simply issue HTTP requests to the exposed endpoints to harvest personal data. The combination of wide access scope, simplicity of exploitation, and lack of an immediate patch elevates the risk for organizations using this product.
OpenCVE Enrichment